The United States has a “long way to go” in tightening its cyber defenses in wake of last week’s Colonial Pipeline attack, Transportation Secretary Pete Buttigieg told Spectrum News on Thursday, calling the hack from the self-identified criminal group DarkSide a “wake up call” that highlighted gaping vulnerabilities in U.S. critical infrastructure, and underscored the level of public-private coordination necessary to fend off sophisticated enemies in this new threat landscape.
This issue “isn’t going away,” Buttigieg told Spectrum News’ Samantha-Jo Roth. “Cyber issues are only going to become more and more important, as more and more of our systems are managed by computers, or with connected computers that are guiding things through network operations.”
And more connected systems ultimately mean there are more vulnerabilities for bad actors to identify and exploit, experts say.
“Every single time you connect something, you run the risk that you’re going to infect something,” said Kevin Book, a managing director at Clearview Energy Partners, told The Associated Press. “That variability can also make it harder for hackers to know where to find vulnerabilities.”
The pipeline attack demonstrates “how vulnerable this type of instrastructure can be,” Buttigieg noted. The pipeline is responsible for moving approximately 45% of the East Coast’s fuel, and the shutdown had ripple effects up and down the Eastern Seabord. Gas price rose to over $3-per-gallon for the first time in six years, according to AAA, and gas stations from Florida to New Jersey are reporting that they are without fuel, per Patrick De Haan, an analyst with GasBuddy.
“So we need to be assessing our vulnerabilities,” he said. “We need to be making sure our defenses are strong. And I can tell you, there’s a real focus on this and has been from day one in the White House, in the Department of Homeland Security, and on the transportation side. We’re doing everything we can to partner with them and get ahead of these issues.”
“I can tell you, the Secretary of Homeland Security is very focused on making sure that we are secure in the face of cyber threats,” Buttigieg added.
Buttigieg’s remarks come less than a day after President Joe Biden signed an executive order to help shore up U.S. cybersecurity defenses. Unlike efforts passed by his predecessors, Biden’s order is uniquely focused on information sharing and private sector coordination.
Biden’s order will take several actions in an effort to help improve the nation’s cyber defenses, including removing barriers to ensure that IT service providers can share information with the federal government, including mandating that they share information in the event of a breach. The order will also mandate the use of multifactor authentication and encryption for federal government systems, as well as allow the government to secure cloud services and a zero-trust architecture.
It will also create baseline security standards for development of software sold to the government, for example, and establishes an incident review board tasked with reviewing major hacking incidents.
Both the government and private sector must work together to thwart “persistent and increasingly sophisticated malicious cyber campaigns” that pose a grave threat to the U.S., the order said.
“Every time something happens to our infrastructure, whether it’s the pipeline issues we’ve had over the past week, or the grid issues that happened in Texas during the terrible winter storm, [it’s] a reminder that we can’t sit around and wait for our infrastructure to get better on its own,” Buttigieg told Spectrum News.
There are 16 areas of designated critical infrastructure in the U.S., which include the systems of transportation, finance, health care and more. We rely on these systems to function as a society, Buttigieg said – yet malicious actors looking to breach these systems are only growing more sophisticated. “There’s a real sense of urgency” for the government to remedy such vulnerabilities, Buttigieg said.
“The truth is, we’ve got a long way to go as a country as we see these new kinds of threats emerging,” he added. “One of the things we learned over the past year or two is kinds of threats we weren’t thinking about much a few years ago – from health security threats to climate security threats to cybersecurity threats.
“It’s something that we really need individual companies and communities to think about not just the federal government,” Buttigieg emphasized. “Our system is only as strong as its weakest link.”
Watch Transportation Secretary Pete Buttigieg’s full interview Spectrum News’ Samantha-Jo Roth above.